Date: Tue, 1 Aug 2006 02:23:02 +0800
From: "jan gestre" <freebsd.ph@gmail.com>
To: "Svein Halvor Halvorsen" <svein.h@lvor.halvorsen.cc>
Cc: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: portsdb output and portaudit question
Message-ID: <a25afc300607311123u5f7e6f24taab3f176afd6ea7a@mail.gmail.com>
In-Reply-To: <44CE47F0.8020505@lvor.halvorsen.cc>
References: <a25afc300607311057s6072667bsf14671c83c609813@mail.gmail.com> <44CE47F0.8020505@lvor.halvorsen.cc>

On 8/1/06, Svein Halvor Halvorsen <svein.h@lvor.halvorsen.cc> wrote:
>
> jan gestre wrote:
> > I was trying to portupgrade ruby coz portaudit is complaining of
> > vulnerabilities. I did run cvsup and portsdb -Uu before portupgrade. At
> > first I couldn't upgrade ruby coz portupgrade is complaining, maybe coz
> > of portaudit, but someone in the list suggested this:
> >
> > # portupgrade -Rr -m DISABLE_VULNERABILITIES="yes" ruby
> >
> > Voila, it installed the ruby package, but still portaudit complains even
> > though the installed version is current, which has no vulnerability. Is
> > this normal? Any way to fix these?
>
>
> This is expected behavior. The ports system will let you upgrade a
> vulnerable port without complaint. It will however complain if you try
> to install (or upgrade to) a version that has vulnerabilities. Since
> portupgrade complained, it's no surprise that portaudit also complains
> after the forced upgrade.
>
> This means that either the version in ports isn't fixed yet (the
> existence of a vulnerability of a prior version does not imply that said
> vulnerability is fixed in the current version), or that your ports tree
> is out of date. Seeing that the latter is not true, I would say you
> just have to wait for an updated version to appear in ports.
>
> You can create an account at freshports and add ruby to your "watch
> list". That means you'll get notified when new versions arrive.
>
>

I portupgraded the previous version, ruby-1.8.4_8,1, to the current version,
which is ruby-1.8.4_9,1, and I also saw from the portaudit complaint that
the new version is not anymore affected by the vulnerabilities of the old
version, meaning the maintainer already fixed this. However, portaudit is
still complaining. And how about the portsdb output? Why is it complaining
of stuff I don't have installed?

TIA